2 matches found
CVE-2018-12716
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scanresults JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its...
CVE-2018-12716
The CVE-2018-12716 entry describes an API service vulnerability in Google Home and Chromecast devices prior to mid-July 2018. The issue allows DNS rebinding to read scan_results JSON data and extract BSSID fields, enabling remote readers on the local network to determine the user’s physical locat...